HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from a file upload vulnerability that stems from the application’s lack of effective validation of uploaded files. An attacker can exploit this vulnerability to upload a malicious script that executes arbitrary PHP code on the system.